Hints for High-Assurance Cyber-Physical System Design

ABSTRACT:

With deference to Butler Lampson, I present five hints specifically for building high-assurance cyber-physical systems: (1) use Turing-incomplete languages, (2) simple interfaces are secure interfaces, (3) program the glue code and architecture, (4) system verification is a probabilistic game, and (5) high-assurance systems require a high-assurance culture.